svn commit: r316016 - head/security/vuxml
Dirk Meyer
dinoex at FreeBSD.org
Thu Apr 18 04:03:09 UTC 2013
Author: dinoex
Date: Thu Apr 18 04:03:08 2013
New Revision: 316016
URL: http://svnweb.freebsd.org/changeset/ports/316016
Log:
- add jasper
Feature safe: yes
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Apr 18 02:39:21 2013 (r316015)
+++ head/security/vuxml/vuln.xml Thu Apr 18 04:03:08 2013 (r316016)
@@ -51,6 +51,38 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8ff84335-a7da-11e2-b3f5-003067c2616f">
+ <topic>jasper -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>jasper</name>
+ <range><lt>1.900.1_11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Fedora reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/887409">
+ <p>JasPer fails to properly decode marker segments and other
+ sections in malformed JPEG2000 files. Malformed inputs can
+ cause heap buffer overflows which in turn may result in
+ execution of attacker-controlled code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-3520</cvename>
+ <cvename>CVE-2008-3522</cvename>
+ <cvename>CVE-2011-4516</cvename>
+ <cvename>CVE-2011-4517</cvename>
+ <url>http://www.kb.cert.org/vuls/id/887409</url>
+ </references>
+ <dates>
+ <discovery>2011-12-09</discovery>
+ <entry>2013-04-18</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2070c79a-8e1e-11e2-b34d-000c2957946c">
<topic>ModSecurity -- XML External Entity Processing Vulnerability</topic>
<affects>
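Review bot: The attribution in the new jasper entry does not match its source: the lead-in says `Fedora reports:`, but the blockquote's `cite` and the only `<url>` both point to kb.cert.org/vuls/id/887409. If the quoted text comes from that CERT note, the lead-in should read `<p>CERT/CC reports:</p>`; if it really is Fedora's wording, add the Fedora advisory as a second `<url>`. The entry also lists CVE-2008-3520 and CVE-2008-3522 next to the two 2011 ids, under a single `<discovery>2011-12-09</discovery>` and a description that covers only marker-segment decoding. These look like older, separate issues closed by the same port revision; if so, a short `<p>` in the body saying that, or a reference for them, would let someone auditing an installed jasper below 1.900.1_11 see why all four ids apply.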